<?php
require 'login-libs.php';

//check that the email address is provided and valid
if( !isset($_REQUEST['email']) || $_REQUEST['email'] == '' || !filter_var( $_REQUEST['email'], FILTER_VALIDATE_EMAIL ) ){
	login_redirect( $url,'noemail');
}

//check that a verification code was provided
if(!isset($_REQUEST['verification_code']) || $_REQUEST['verification_code'] == '' ){
	login_redirect($url, 'novalidation');
}

//check that the email /verification code combination matches a row in the user table
$password = md5($_REQUEST['email'].'|'.$_REQUEST['password']);
$r = $database->dbRow('SELECT * FROM user_accounts
			WHERE email = "'.addslashes($_REQUEST['email']).'"
			AND verification_code = "'.$_REQUEST['verification_code'].'"
			AND active');
if($r == false){
	login_redirect($url, 'validationfailed');
}

//succes! set the session variable, clear the code from the db, then redirect
$database->dbQuery('UPDATE user_accounts
		SET verification_code
		WHERE email = "'.addslashes($_REQUEST['email']).'"');

$_SESSION['userdata'] = $r;
$groups = json_decode($r['groups']);
$_SESSION['userdata']['groups'] = array();
foreach($groups as $g) $_SESSION['userdata']['groups'][$g] = true;
if($r['extras']=='') $r['extras'] = '[]';
$_SESSION['userdata']['extras'] = json_decode($r['extras']);

login_redirect($url, 'verified');